<?php

// 定义 token
define("TOKEN", "crazycat");
//实例化对象
$wechatObj = new wechatCallbackapiTest();
//调用函数
if (isset($_GET['echostr'])) {
    $wechatObj->valid();
}else{
    $wechatObj->responseMsg();
}


class wechatCallbackapiTest
{
    public function valid()
    {
        $echoStr = $_GET["echostr"];
        if($this->checkSignature()){
            echo $echoStr;
            exit;
        }
    }
    
    public function responseMsg()
    {
        // 获取微信服务器发过来的xml数据
        $postStr = $GLOBALS["HTTP_RAW_POST_DATA"];
        
        if (!empty($postStr)){
            libxml_disable_entity_loader(true);//安全防护
            
            // 加载xml数据
            $postObj = simplexml_load_string($postStr, 'SimpleXMLElement', LIBXML_NOCDATA);
            $fromUsername = $postObj->FromUserName; // 发送消息的用户名
            $toUsername = $postObj->ToUserName;  // 接收消息的用户名
            $createTime = $postObj->CreateTime;  // 消息发送时间
            $msgType = $postObj->MsgType;   // 获取用户发送内容的数据类型
            $content = $postObj->Content;  // 获取用户发送的内容
            $msgId = $postObj->MsgId;
            if($msgType == 'text'){
                $returnXml = '<xml>';
                $returnXml .= '<ToUserName><![CDATA['.$fromUsername.']]></ToUserName>';
                $returnXml .= '<FromUserName><![CDATA['.$toUsername.']]></FromUserName>';
                $returnXml .= '<CreateTime>'.time().'</CreateTime>';
                $returnXml .= '<MsgType><![CDATA[text]]></MsgType>';
                $returnXml .= '<Content><![CDATA['.$content.']]></Content>';
                $returnXml .= '</xml>';
                echo $returnXml;
            }elseif($msgType == 'event'){ // 菜单点击事件
                
                $eventKey = $postObj->EventKey;
                
                $returnXml = '<xml>';
                $returnXml .= '<ToUserName><![CDATA['.$fromUsername.']]></ToUserName>';
                $returnXml .= '<FromUserName><![CDATA['.$toUsername.']]></FromUserName>';
                $returnXml .= '<CreateTime>'.time().'</CreateTime>';
                $returnXml .= '<MsgType><![CDATA[text]]></MsgType>';
                $returnXml .= '<Content><![CDATA['.$eventKey.']]></Content>';
                $returnXml .= '</xml>';
                echo $returnXml;
                
            }else{
                $textTpl = "<xml>
                        <ToUserName><![CDATA[%s]]></ToUserName>
                        <FromUserName><![CDATA[%s]]></FromUserName>
                        <CreateTime>%s</CreateTime>
                        <MsgType><![CDATA[text]]></MsgType>
                        <Content><![CDATA[%s]]></Content>
                        <FuncFlag>0</FuncFlag>
                        </xml>";
                $time = time();
                $contentStr = "您发的消息类型不是文本。而是".$msgType;
                $resultStr = sprintf($textTpl, $fromUsername, $toUsername, $time, $contentStr);
                echo $resultStr;
            }
            
        }
    }
    
    private function checkSignature()
    {
        if (!defined("TOKEN")) {
            return false;
        }
        $signature = $_GET["signature"];
        $timestamp = $_GET["timestamp"];
        $nonce = $_GET["nonce"];
        $token = TOKEN;
        $tmpArr = array($token, $timestamp, $nonce);
        sort($tmpArr, SORT_STRING);
        $tmpStr = implode( $tmpArr );
        $tmpStr = sha1( $tmpStr );
        
        if( $tmpStr == $signature ){
            return true;
        }else{
            return false;
        }
    }
}

?> 